
Need help to remove infections - possibly TDL4@MBR



Please help - I've been having a lot of virus activity on my computer and need help cleaning it.

Recent activity:

- getting redirected to random websites in Internet Explorer

- losing my internet connection every 15 minutes or so

- spam e-mails were sent from my msn e-mail account to all contacts in my contact list

- 3 recent infections with XP Security 2011 that MBAM seemed to fix

- when I reboot my computer I'm getting a dialog box saying "can't find C:\Documents"

Results of MBAM and DDS posted below, and I've attached the results of defogger and GMER. Everything ran, but DDS didn't prompt for a reboot so I manually rebooted.

I'd really appreciate any help you can provide - I'm getting worried as the problems keep escalating.

MBAM:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6792

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/6/2011 10:35:57 PM

mbam-log-2011-06-06 (22-35-57).txt

Scan type: Full scan (C:\|)

Objects scanned: 295026

Time elapsed: 1 hour(s), 12 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

DDS:

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Sylvie at 22:57:56 on 2011-06-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.367 [GMT -5:00]

.

AV: PC Tools AntiVirus Free *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\PC Tools Security\BDT\FGuard.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\HP\Digital Imaging\bin\hposol08.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe

svchost.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\CSHelper.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page =

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar =

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

mSearchAssistant =

uURLSearchHooks: H - No File

uURLSearchHooks: FCToolbarURLSearchHook Class: {da879c19-9088-418b-a63a-2e6fb294eaf0} - c:\program files\aadvantage eshoppingsm toolbar\Helper.dll

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AAdvantage eShoppingSM Toolbar BHO: {5712a6bb-b6c8-4e52-a152-1ba741c9a6a2} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi699f~1\office14\URLREDIR.DLL

BHO: Club Bing Toolbar Helper: {b771fea3-2a05-4c21-b1e2-55551a97d520} - c:\program files\club bing toolbar helper\Bmbho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Club Bing Toolbar: {719d74ab-1af9-43a1-8c62-d8750628d93e} - c:\program files\club bing toolbar\Toolbar.dll

TB: Club Bing Toolbar Helper: {b771fea3-2a05-4c21-b1e2-55551a97d520} - c:\program files\club bing toolbar helper\Bmbho.dll

TB: AAdvantage eShoppingSM Toolbar: {85741f1d-ed47-4dcf-9109-07d10213c4d0} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe

uRun: [Google Update] "c:\documents and settings\Sylvie\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [PMX Daemon] ICO.EXE

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office xp\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hp\digital imaging\bin\hposol08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\selphy~1.lnk - c:\program files\canon\selphy photo print\CIC_SPPhelper.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi699f~1\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi699f~1\office11\REFIEBAR.DLL

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://ra.qwest.com/sdccommon/download/tgctlcm.cab

DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab

DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab

DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab

DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab

DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab

DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab

DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab

DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab

DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab

DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab

DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264407051781

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://mail203.mmm.com/dwa85W.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab

DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab

DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab

DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab

DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab

DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab

DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab

DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab

DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://us-mail-18.mmm.com/dwa7W.cab

DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\Sylvie\application data\mozilla\firefox\profiles\15ny5g5a.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64505

FF - prefs.js: network.proxy.type - 1

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\Sylvie\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\Sylvie\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\documents and settings\Sylvie\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Sylvie\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\Sylvie\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\mi699f~1\office14\NPAUTHZ.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npsharedview.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox

FF - Ext: XULRunner: {88B2291E-8495-4A6F-BD73-7474C958A77E} - c:\documents and settings\Sylvie\local settings\application data\{88B2291E-8495-4A6F-BD73-7474C958A77E}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Sylvie\application data\Move Networks

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-1 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-29 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-29 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-5-29 233976]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-5-29 337872]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-3-4 266240]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-5-29 371472]

R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-5-29 1117144]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9d359281aab1a;Google Update Service (gupdate1c9d359281aab1a);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]

S2 Input Manager;Input Manager;c:\documents and settings\Sylvie\local settings\application data\Input.bat [2011-6-5 94]

S2 Local Account Authority Service;Local Account Authority Service;c:\documents and settings\Sylvie\local settings\application data\LocalAccountAuthority.bat [2011-6-5 93]

S2 Plug Manager;Plug Manager;c:\documents and settings\Sylvie\local settings\application data\Plug.bat [2011-6-5 95]

S3 cpuz132;cpuz132;\??\c:\docume~1\Sylvie\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\Sylvie\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-25 39984]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2006-12-30 18432]

S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2006-12-30 14336]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-07 03:11:12 -------- d-----w- c:\documents and settings\Sylvie\application data\Windows Search

2011-06-06 03:49:18 0 ----a-w- c:\windows\Dbucimonusi.bin

2011-06-06 03:49:16 94 ---h--w- c:\documents and settings\Sylvie\local settings\application data\Input.bat

2011-06-06 03:49:13 -------- d-----w- c:\documents and settings\Sylvie\local settings\application data\{88B2291E-8495-4A6F-BD73-7474C958A77E}

2011-06-06 03:48:40 95 ---h--w- c:\documents and settings\Sylvie\local settings\application data\Plug.bat

2011-06-06 03:47:55 93 ---h--w- c:\documents and settings\Sylvie\local settings\application data\LocalAccountAuthority.bat

2011-06-06 03:47:01 -------- d-----w- c:\documents and settings\Sylvie\application data\2ADB9037D64CAD53A3CA272BA61CDAE8

2011-06-05 14:43:07 1409 ----a-w- c:\windows\QTFont.for

2011-06-02 00:21:37 53248 ----a-r- c:\documents and settings\Sylvie\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe

2011-06-01 05:41:54 -------- d-----w- C:\Sylvie

2011-05-31 19:23:32 -------- d-----w- c:\documents and settings\all users\Microsoft

2011-05-31 19:21:56 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-05-31 19:18:11 -------- d-----w- c:\documents and settings\Sylvie\local settings\application data\Microsoft Help

2011-05-30 08:06:21 -------- d-----w- c:\windows\system32\winrm

2011-05-30 08:06:15 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-05-30 08:05:13 -------- d-----w- c:\documents and settings\Sylvie\application data\Windows Desktop Search

2011-05-30 08:03:56 -------- d-----w- c:\program files\Windows Desktop Search

2011-05-30 08:02:27 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-05-30 08:02:27 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-05-30 08:02:27 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2011-05-30 08:01:06 -------- d-----w- c:\program files\Windows Media Connect 2

2011-05-30 07:57:38 -------- d-----w- c:\windows\system32\LogFiles

2011-05-30 07:30:09 -------- d-----w- c:\documents and settings\Sylvie\local settings\application data\LogiShrd

2011-05-30 07:27:26 -------- d-----w- c:\program files\common files\LWS

2011-05-30 06:22:31 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-30 06:22:12 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-05-30 06:20:23 978944 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-05-30 06:20:23 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-05-30 06:20:23 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-30 06:19:25 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-05-30 06:18:14 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-05-30 06:16:44 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-05-29 12:49:50 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-05-29 12:49:49 2074576 ----a-w- c:\windows\PCTBDCore.dll

2011-05-29 12:49:49 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-05-29 12:49:39 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-05-29 12:49:39 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-05-29 12:49:32 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-05-11 22:55:49 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras

2011-05-11 22:53:53 -------- d-----r- c:\program files\Skype

.

==================== Find3M ====================

.

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-27 20:36:58 767952 ----a-w- c:\windows\BDTSupport.dll

2011-04-20 04:32:52 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-04-20 04:32:52 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-01 10:08:56 195168 ----a-w- c:\windows\system32\lvci13251014.dll

2011-04-01 05:11:10 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys

2011-04-01 05:10:46 539232 ----a-w- c:\windows\system32\LVUI2RC.dll

2011-04-01 05:10:24 543328 ----a-w- c:\windows\system32\LVUI2.dll

2011-04-01 05:09:48 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys

2011-04-01 05:08:36 301664 ----a-w- c:\windows\system32\lvcodec2.dll

2011-04-01 05:07:02 10877272 ----a-w- c:\windows\system32\LogiDPP.dll

2011-04-01 05:07:02 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe

2011-04-01 05:06:56 331608 ----a-w- c:\windows\system32\DevManagerCore.dll

2011-04-01 04:56:20 39318 ----a-w- c:\windows\system32\Repository.reg

2011-03-23 04:58:22 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-11 13:06:44 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-03-10 15:06:50 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HD160JJ/P rev.ZM100-34 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x871004D0]<<

c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x871067f0]; MOV EAX, [0x8710686c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x87186AB8]

3 CLASSPNP[0xF7646FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x87165920]

5 PCTCore[0xF740568B] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x871C6D98]

\Driver\atapi[0x87164A08] -> IRP_MJ_CREATE -> 0x871004D0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8710031B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 23:00:58.76 ===============

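Reading a DDS/MBAM report like the one above by hand is slow and error-prone. The entries a helper is looking for are things like the three 93-95 byte `.bat` "services" registered out of the user's profile directory, the Firefox manual proxy pointing at 127.0.0.1:64505, and an `explorer.exe` sitting in `c:\WINDOWS\Temp`. The Python script below is an added example, not part of this thread and not a DDS, GMER or Malwarebytes tool; it parses a few constructed lines written in the report's format and flags exactly those three patterns. The heuristics (which directories count as user-writable, the 1 KB size threshold, the list of core binaries and their home directories) are the example's own assumptions, not rules from the page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the DDS/MBAM report format quoted above
# (service/driver lines, Firefox prefs.js lines, one MBAM detection line).
SAMPLE_LOG = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-1 263888]
S2 Input Manager;Input Manager;c:\documents and settings\Sylvie\local settings\application data\Input.bat [2011-6-5 94]
S2 Plug Manager;Plug Manager;c:\documents and settings\Sylvie\local settings\application data\Plug.bat [2011-6-5 95]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64505
FF - prefs.js: network.proxy.type - 1
c:\WINDOWS\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# DDS service line: "<state> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$"
)
# DDS Firefox preference line: "FF - prefs.js: <key> - <value>"
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<key>\S+) - (?P<value>.*)$")
# Any path on a line that ends in one of the core Windows binaries we care about
CORE_BIN_RE = re.compile(
    r"(?i)(?P<path>[a-z]:\\[^()\[\]]*?\\(?P<name>explorer\.exe|svchost\.exe|lsass\.exe|csrss\.exe))\b"
)

# Assumptions of this example: directories a legitimate service binary is
# essentially never loaded from, script extensions no real service should run,
# and the directory (drive letter stripped) each core binary lives in on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")
CORE_BIN_HOME = {
    "explorer.exe": "\\windows",
    "svchost.exe": "\\windows\\system32",
    "lsass.exe": "\\windows\\system32",
    "csrss.exe": "\\windows\\system32",
}


@dataclass
class Service:
    state: str
    name: str
    path: str
    size: int


def parse_services(text: str) -> List[Service]:
    """Extract every service/driver entry from the report text."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(Service(m["state"], m["name"], m["path"], int(m["size"])))
    return out


def parse_ff_prefs(text: str) -> Dict[str, str]:
    """Collect Firefox prefs.js / user.js settings as a key -> value map."""
    prefs = {}
    for line in text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m["key"]] = m["value"].strip()
    return prefs


def triage(text: str) -> List[str]:
    """Return one human-readable finding per suspicious indicator."""
    findings = []
    # 1. Services whose binary is a script, tiny, or lives in a user-writable path
    for svc in parse_services(text):
        low = svc.path.lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("binary under a user-writable profile/temp directory")
        if low.endswith(SCRIPT_EXT):
            reasons.append("service runs a script rather than an executable")
        if svc.size < 1024:
            reasons.append(f"file is only {svc.size} bytes")
        if reasons:
            findings.append(f"service {svc.name!r} ({svc.path}): " + "; ".join(reasons))
    # 2. Browser forced through a loopback proxy (type 1 = manual proxy config)
    prefs = parse_ff_prefs(text)
    if prefs.get("network.proxy.type") == "1":
        host = prefs.get("network.proxy.http", "")
        port = prefs.get("network.proxy.http_port", "")
        if host in ("127.0.0.1", "localhost"):
            findings.append(
                f"Firefox manual proxy to loopback {host}:{port}: browser traffic is "
                "routed through a local listener; verify the user configured this"
            )
    # 3. Core Windows binaries located outside their home directory
    for line in text.splitlines():
        m = CORE_BIN_RE.search(line)
        if m:
            name = m["name"].lower()
            parent = m["path"].lower().rsplit("\\", 1)[0].split(":", 1)[1]
            if parent != CORE_BIN_HOME[name]:
                findings.append(f"{name} found outside its home directory: {m['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against the constructed sample it reports the two batch-file services, the loopback proxy and the misplaced `explorer.exe`, and stays silent on the PC Tools driver and the Google Update service. Against a real report, a finding is a prompt to look closer, not a verdict: a helper would still check each flagged file's origin and whether the user set the proxy themselves.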

:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, Firefox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Thanks for your reply!! I didn't successfully attach the scan results in my first message, so I've attached them here. ark.zip

I'm now going to run the steps you provided and I'll post back with results.

The other computer on my home network is now also redirecting. Can I run the same steps on that computer? Is it possible for you to help with both systems in this post, or do you prefer that I start a new post for the other computer?

Again, thanks very much.


Sorry for the attachments, I thought the "I'm infected - what do I do now" post said to zip and attach those particular scans (defogger and GMER).

I've run the steps you provided. TDSSKiller found and cured Rootkit.Win32.TDSS.tdl4. As my system was rebooting I got two dialog boxes, both with only an OK button:

1. Title 'RUNDLL', text 'Error loading gogle o The specified module could not be found'

2. Title 'c:\Documents', text 'Windows cannot find c:\Documents Make sure you typed the name correctly'

I clicked OK on the first dialog box. The second dialog box disappeared and reappeared 3 times while I was writing down the message, then disappeared completely (without my clicking OK).

Other than that, behavior of the system seems much better! I'm not getting redirected and haven't lost internet connection.

I'll wait to hear back from you for next steps. Thanks!

Results of TDSSKiller:

TDSS:

2011/06/08 12:19:17.0968 9824 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48

2011/06/08 12:19:19.0984 9824 ================================================================================

2011/06/08 12:19:19.0984 9824 SystemInfo:

2011/06/08 12:19:19.0984 9824

2011/06/08 12:19:19.0984 9824 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/08 12:19:19.0984 9824 Product type: Workstation

2011/06/08 12:19:19.0984 9824 ComputerName: STRAYLIGHT

2011/06/08 12:19:19.0984 9824 UserName: Sylvie

2011/06/08 12:19:19.0984 9824 Windows directory: C:\WINDOWS

2011/06/08 12:19:19.0984 9824 System windows directory: C:\WINDOWS

2011/06/08 12:19:19.0984 9824 Processor architecture: Intel x86

2011/06/08 12:19:19.0984 9824 Number of processors: 2

2011/06/08 12:19:19.0984 9824 Page size: 0x1000

2011/06/08 12:19:19.0984 9824 Boot type: Normal boot

2011/06/08 12:19:19.0984 9824 ================================================================================

2011/06/08 12:19:21.0671 9824 Initialize success

2011/06/08 12:19:39.0500 7572 ================================================================================

2011/06/08 12:19:39.0500 7572 Scan started

2011/06/08 12:19:39.0500 7572 Mode: Manual;

2011/06/08 12:19:39.0500 7572 ================================================================================

2011/06/08 12:19:51.0171 7572 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/06/08 12:19:51.0171 7572 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/08 12:19:51.0171 7572 ================================================================================

2011/06/08 12:19:51.0171 7572 Scan finished

2011/06/08 12:19:51.0171 7572 ================================================================================

2011/06/08 12:19:51.0187 9360 Detected object count: 1

2011/06/08 12:19:51.0187 9360 Actual detected object count: 1

2011/06/08 12:20:35.0250 9360 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/08 12:20:35.0250 9360 \Device\Harddisk0\DR0 - ok

2011/06/08 12:20:35.0250 9360 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/06/08 12:21:29.0000 6252 Deinitialize success


Thanks - here it is:

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Sylvie at 14:18:34 on 2011-06-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.340 [GMT -5:00]

.

AV: PC Tools AntiVirus Free *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\CSHelper.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\PC Tools Security\BDT\FGuard.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\HP\Digital Imaging\bin\hposol08.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page =

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar =

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

mSearchAssistant =

uURLSearchHooks: H - No File

uURLSearchHooks: FCToolbarURLSearchHook Class: {da879c19-9088-418b-a63a-2e6fb294eaf0} - c:\program files\aadvantage eshoppingsm toolbar\Helper.dll

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AAdvantage eShoppingSM Toolbar BHO: {5712a6bb-b6c8-4e52-a152-1ba741c9a6a2} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi699f~1\office14\URLREDIR.DLL

BHO: Club Bing Toolbar Helper: {b771fea3-2a05-4c21-b1e2-55551a97d520} - c:\program files\club bing toolbar helper\Bmbho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Club Bing Toolbar: {719d74ab-1af9-43a1-8c62-d8750628d93e} - c:\program files\club bing toolbar\Toolbar.dll

TB: Club Bing Toolbar Helper: {b771fea3-2a05-4c21-b1e2-55551a97d520} - c:\program files\club bing toolbar helper\Bmbho.dll

TB: AAdvantage eShoppingSM Toolbar: {85741f1d-ed47-4dcf-9109-07d10213c4d0} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe

uRun: [Google Update] "c:\documents and settings\sylvie\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [googletalk] c:\documents and settings\sylvie\application data\google talk\googletalk.exe /autostart

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [PMX Daemon] ICO.EXE

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office xp\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hp\digital imaging\bin\hposol08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\selphy~1.lnk - c:\program files\canon\selphy photo print\CIC_SPPhelper.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi699f~1\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi699f~1\office11\REFIEBAR.DLL

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://ra.qwest.com/sdccommon/download/tgctlcm.cab

DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab

DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab

DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab

DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab

DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab

DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab

DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab

DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab

DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab

DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab

DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264407051781

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://mail203.mmm.com/dwa85W.cab

DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://pawbhaji.spaces.live.com/PhotoUpload/MsnPUpld.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab

DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab

DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab

DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab

DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab

DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab

DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab

DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab

DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://us-mail-18.mmm.com/dwa7W.cab

DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

TCP: DhcpNameServer = 205.171.3.25 205.171.2.25

TCP: Interfaces\{52AC28AC-2F54-4836-A343-78F8222838BC} : DhcpNameServer = 205.171.3.25 205.171.2.25

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {A1C8CFB5-97AD-4469-8F83-245277625C2F} - rundll32.exe " gogle o", UnregisterDll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sylvie\application data\mozilla\firefox\profiles\15ny5g5a.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64505

FF - prefs.js: network.proxy.type - 1

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\sylvie\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\sylvie\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\documents and settings\sylvie\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\sylvie\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\sylvie\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\mi699f~1\office14\NPAUTHZ.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npsharedview.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\sylvie\application data\Move Networks

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-1 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-29 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-29 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-5-29 233976]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-5-29 337872]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-3-4 266240]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-5-29 371472]

R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-5-29 1117144]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9d359281aab1a;Google Update Service (gupdate1c9d359281aab1a);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]

S2 Input Manager;Input Manager;c:\documents and settings\sylvie\local settings\application data\Input.bat [2011-6-5 94]

S2 Local Account Authority Service;Local Account Authority Service;c:\documents and settings\sylvie\local settings\application data\LocalAccountAuthority.bat [2011-6-5 93]

S2 Plug Manager;Plug Manager;c:\documents and settings\sylvie\local settings\application data\Plug.bat [2011-6-5 95]

S3 cpuz132;cpuz132;\??\c:\docume~1\sylvie\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\sylvie\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2006-12-30 18432]

S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2006-12-30 14336]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-07 20:33:58 -------- d-----w- c:\documents and settings\sylvie\application data\Google Talk

2011-06-07 03:11:12 -------- d-----w- c:\documents and settings\sylvie\application data\Windows Search

2011-06-06 03:49:18 0 ----a-w- c:\windows\Dbucimonusi.bin

2011-06-06 03:49:16 94 ---h--w- c:\documents and settings\sylvie\local settings\application data\Input.bat

2011-06-06 03:48:40 95 ---h--w- c:\documents and settings\sylvie\local settings\application data\Plug.bat

2011-06-06 03:47:55 93 ---h--w- c:\documents and settings\sylvie\local settings\application data\LocalAccountAuthority.bat

2011-06-06 03:47:01 -------- d-----w- c:\documents and settings\sylvie\application data\2ADB9037D64CAD53A3CA272BA61CDAE8

2011-06-02 00:21:37 53248 ----a-r- c:\documents and settings\sylvie\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe

2011-06-01 05:41:54 -------- d-----w- C:\Sylvie

2011-05-31 19:23:32 -------- d-----w- c:\documents and settings\all users\Microsoft

2011-05-31 19:21:56 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-05-31 19:18:11 -------- d-----w- c:\documents and settings\sylvie\local settings\application data\Microsoft Help

2011-05-30 08:06:21 -------- d-----w- c:\windows\system32\winrm

2011-05-30 08:06:15 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-05-30 08:05:13 -------- d-----w- c:\documents and settings\sylvie\application data\Windows Desktop Search

2011-05-30 08:03:56 -------- d-----w- c:\program files\Windows Desktop Search

2011-05-30 08:02:27 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-05-30 08:02:27 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-05-30 08:02:27 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2011-05-30 08:01:06 -------- d-----w- c:\program files\Windows Media Connect 2

2011-05-30 07:57:38 -------- d-----w- c:\windows\system32\LogFiles

2011-05-30 07:30:09 -------- d-----w- c:\documents and settings\sylvie\local settings\application data\LogiShrd

2011-05-30 07:27:26 -------- d-----w- c:\program files\common files\LWS

2011-05-30 06:22:31 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-30 06:22:12 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-05-30 06:20:23 978944 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-05-30 06:20:23 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-05-30 06:20:23 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-30 06:19:25 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-05-30 06:18:14 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-05-30 06:16:44 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-05-29 12:49:50 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-05-29 12:49:49 2074576 ----a-w- c:\windows\PCTBDCore.dll

2011-05-29 12:49:49 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-05-29 12:49:39 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-05-29 12:49:39 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-05-29 12:49:32 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-05-11 22:55:49 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras

2011-05-11 22:53:53 -------- d-----r- c:\program files\Skype

.

==================== Find3M ====================

.

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-27 20:36:58 767952 ----a-w- c:\windows\BDTSupport.dll

2011-04-20 04:32:52 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-04-20 04:32:52 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-01 10:08:56 195168 ----a-w- c:\windows\system32\lvci13251014.dll

2011-04-01 05:11:10 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys

2011-04-01 05:10:46 539232 ----a-w- c:\windows\system32\LVUI2RC.dll

2011-04-01 05:10:24 543328 ----a-w- c:\windows\system32\LVUI2.dll

2011-04-01 05:09:48 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys

2011-04-01 05:08:36 301664 ----a-w- c:\windows\system32\lvcodec2.dll

2011-04-01 05:07:02 10877272 ----a-w- c:\windows\system32\LogiDPP.dll

2011-04-01 05:07:02 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe

2011-04-01 05:06:56 331608 ----a-w- c:\windows\system32\DevManagerCore.dll

2011-04-01 04:56:20 39318 ----a-w- c:\windows\system32\Repository.reg

2011-03-23 04:58:22 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-11 13:06:44 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

.

============= FINISH: 14:20:14.93 ===============

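As an added example (not part of this thread, and not code from DDS or ComboFix), a small Python triage pass over lines in the DDS log above that flags the indicators the later ComboFix run removed: services whose image is a tiny .bat under the user's profile, the Firefox proxy pointed at 127.0.0.1, user.js entries disabling security warnings, and the mASetup rundll32 entry with no DLL. The sample lines are copied from the log; the regexes, thresholds and helper names are my own.

```python
"""Triage pass over DDS log lines for the hijack indicators seen in this thread."""
import re
from typing import Dict, List

# Constructed sample: service, Firefox pref and mASetup lines copied from the DDS log
# in this thread, plus two benign services for contrast.
SAMPLE_LOG = r"""
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64505
FF - prefs.js: network.proxy.type - 1
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
S2 Input Manager;Input Manager;c:\documents and settings\sylvie\local settings\application data\Input.bat [2011-6-5 94]
S2 Local Account Authority Service;Local Account Authority Service;c:\documents and settings\sylvie\local settings\application data\LocalAccountAuthority.bat [2011-6-5 93]
S2 Plug Manager;Plug Manager;c:\documents and settings\sylvie\local settings\application data\Plug.bat [2011-6-5 95]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]
mASetup: {A1C8CFB5-97AD-4469-8F83-245277625C2F} - rundll32.exe " gogle o", UnregisterDll
"""

# DDS service line: "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$"
)
FF_PREF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<key>\S+) - (?P<value>.*)$")
MASETUP_RE = re.compile(r"^mASetup: \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")

# Thresholds and markers below are my own choices (hypothetical), not DDS or ComboFix rules.
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".pif", ".scr")
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
SHARED_PROFILES = ("\\all users\\", "\\default user\\", "\\networkservice\\", "\\localservice\\")
SMALL_SERVICE_BYTES = 4096  # a real Windows service binary is far larger than this


def in_user_profile(path: str) -> bool:
    """True if the path sits under a real user's profile (not a shared or system profile)."""
    p = path.lower()
    return any(m in p for m in USER_PROFILE_MARKERS) and not any(s in p for s in SHARED_PROFILES)


def check_service(m: "re.Match") -> List[str]:
    """Reasons a parsed service line looks like a persistence implant rather than software."""
    image = m["image"].strip().strip('"')
    reasons = []
    if image.lower().endswith(SCRIPT_EXTS):
        reasons.append("service image is a script, not a PE binary")
    if in_user_profile(image):
        reasons.append("service image lives in a user profile directory")
    if int(m["size"]) < SMALL_SERVICE_BYTES:
        reasons.append(f"service image is only {m['size']} bytes")
    return reasons


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious indicator; an empty list means nothing was flagged."""
    findings: List[Dict[str, str]] = []
    prefs: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.extend({"line": line, "reason": r} for r in check_service(m))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            key, value = m["key"], m["value"].strip()
            prefs[key] = value
            # user.js is the persistent override file; malware uses it to silence warnings
            if m["file"] == "user.js" and key.startswith("security.warn_") and value == "false":
                findings.append({"line": line, "reason": "Firefox security warning disabled via user.js"})
            continue
        m = MASETUP_RE.match(line)
        if m and "rundll32" in m["cmd"].lower() and ".dll" not in m["cmd"].lower():
            findings.append({"line": line, "reason": "rundll32 entry does not name a DLL"})
    # The proxy verdict needs three prefs together: manual proxy mode, loopback host, port.
    if prefs.get("network.proxy.type") == "1" and prefs.get("network.proxy.http") in ("127.0.0.1", "localhost"):
        port = prefs.get("network.proxy.http_port", "?")
        findings.append({
            "line": f"network.proxy.http = {prefs['network.proxy.http']}:{port}",
            "reason": "Firefox forced through a local proxy (typical of browser traffic hijacks)",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[!] {f['reason']}\n    {f['line']}")
```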

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. If you're running Vista or Windows 7, skip the Recovery Console part.
    Note: If you have XP SP3, use the XP SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Thanks - I've updated and run Combofix. The PC is no longer showing the two dialog boxes I mentioned on reboot. It's also no longer redirecting in IE and I'm not losing my internet connection. :)

One thing I forgot to mention is still happening: when my computer reboots it's automatically opening a folder C:\Documents and Settings\Sylvie\Application Data\Google, with subfolders GoogleEarth and Local Search History. It doesn't do anything, just opens the folder. This has been happening all along.

ComboFix results:

ComboFix 11-06-08.03 - Sylvie 06/08/2011 18:08:15.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.519 [GMT -5:00]

Running from: c:\documents and settings\Sylvie\Desktop\ComboFix.exe

AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

ADS - system32: deleted 142 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Sylvie\Application Data\19ridof.log

c:\documents and settings\Sylvie\Application Data\2ADB9037D64CAD53A3CA272BA61CDAE8

c:\documents and settings\Sylvie\Application Data\2ADB9037D64CAD53A3CA272BA61CDAE8\enemies-names.txt

c:\documents and settings\Sylvie\Application Data\2ADB9037D64CAD53A3CA272BA61CDAE8\local.ini

c:\documents and settings\Sylvie\Application Data\Adobe\plugs

c:\documents and settings\Sylvie\Application Data\Adobe\shed

c:\documents and settings\Sylvie\Application Data\Sun\ddee.dat

c:\documents and settings\Sylvie\Application Data\Sun\mnj.dat

c:\documents and settings\Sylvie\Application Data\Sun\mxd1.txt

c:\documents and settings\Sylvie\Application Data\Sun\ogcv98.dll

c:\documents and settings\Sylvie\Application Data\Sun\ppkk.dat

c:\documents and settings\Sylvie\Application Data\Sun\uuoo.dat

c:\documents and settings\Sylvie\Local Settings\Application Data\inlog

c:\documents and settings\Sylvie\Local Settings\Application Data\Input.bat

c:\documents and settings\Sylvie\Local Settings\Application Data\LocalAccountAuthority.bat

c:\documents and settings\Sylvie\Local Settings\Application Data\Plug.bat

c:\documents and settings\Sylvie\Templates\6i543n7kxh567jlxwrlqes3duwrc

c:\documents and settings\Sylvie\Templates\h0387md7ekpl3vuk24yy

c:\documents and settings\Sylvie\WINDOWS

c:\documents and settings\Sylvie\WINDOWS\win.ini

c:\windows\system32\BSTIEPrintCtl1.dll

c:\windows\system32\User.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_INPUT_MANAGER

-------\Legacy_PLUG_MANAGER

-------\Service_Input Manager

-------\Service_Plug Manager

-------\Legacy_Local_Account_Authority_Service

-------\Service_Local Account Authority Service

.

.

((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))

.

.

2011-06-07 20:33 . 2011-06-07 20:33 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Google Talk

2011-06-07 04:35 . 2011-06-07 04:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-06-07 03:11 . 2011-06-07 03:11 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Windows Search

2011-06-06 03:57 . 2011-06-06 03:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-06-06 03:49 . 2011-06-06 03:49 0 ----a-w- c:\windows\Dbucimonusi.bin

2011-06-02 00:21 . 2011-06-02 00:21 53248 ----a-r- c:\documents and settings\Sylvie\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-06-01 23:46 . 2011-06-01 23:46 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Logitech

2011-06-01 05:41 . 2011-06-01 05:42 -------- d-----w- C:\Sylvie

2011-05-31 19:23 . 2011-05-31 19:23 -------- d-----w- c:\documents and settings\All Users\Microsoft

2011-05-31 19:21 . 2011-05-31 19:21 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-05-31 19:18 . 2011-05-31 19:18 -------- d-----w- c:\documents and settings\Sylvie\Local Settings\Application Data\Microsoft Help

2011-05-31 19:17 . 2011-06-01 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2011-05-30 08:06 . 2011-05-30 08:06 -------- d-----w- c:\windows\system32\winrm

2011-05-30 08:06 . 2011-05-30 08:06 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-05-30 08:05 . 2011-05-30 08:05 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Windows Desktop Search

2011-05-30 08:03 . 2011-05-30 18:20 -------- d-----w- c:\program files\Windows Desktop Search

2011-05-30 08:02 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-05-30 08:02 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-05-30 08:02 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2011-05-30 08:01 . 2011-05-30 08:01 -------- d-----w- c:\program files\Windows Media Connect 2

2011-05-30 07:57 . 2011-05-30 07:59 -------- d-----w- c:\windows\system32\drivers\UMDF

2011-05-30 07:57 . 2011-05-30 07:57 -------- d-----w- c:\windows\system32\LogFiles

2011-05-30 07:30 . 2011-05-30 07:30 -------- d-----w- c:\documents and settings\Sylvie\Local Settings\Application Data\LogiShrd

2011-05-30 07:27 . 2011-05-30 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2011-05-30 07:27 . 2011-05-30 07:27 -------- d-----w- c:\program files\Common Files\LWS

2011-05-30 06:22 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-30 06:22 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-05-30 06:20 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-05-30 06:20 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-05-30 06:20 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-30 06:19 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-05-30 06:18 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-05-30 06:16 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-05-29 12:49 . 2011-04-27 20:37 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-05-29 12:49 . 2011-04-27 20:37 2074576 ----a-w- c:\windows\PCTBDCore.dll

2011-05-29 12:49 . 2011-04-27 20:37 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-05-29 12:49 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-05-29 12:49 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-05-29 12:49 . 2011-03-10 14:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-05-21 11:35 . 2011-05-21 11:35 -------- d-----w- c:\program files\Microsoft Silverlight

2011-05-11 22:55 . 2011-05-18 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-05-11 22:54 . 2011-06-03 07:19 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Skype

2011-05-11 22:53 . 2011-05-11 22:53 -------- d-----w- c:\program files\Common Files\Skype

2011-05-11 22:53 . 2011-05-11 22:54 -------- d-----r- c:\program files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 14:11 . 2010-01-25 06:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2010-01-25 06:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-27 20:36 . 2010-07-19 02:15 767952 ----a-w- c:\windows\BDTSupport.dll

2011-04-20 04:32 . 2003-03-19 00:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-04-20 04:32 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-01 10:08 . 2011-04-01 10:08 195168 ----a-w- c:\windows\system32\lvci13251014.dll

2011-04-01 05:11 . 2009-05-09 17:24 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys

2011-04-01 05:10 . 2009-05-09 17:24 539232 ----a-w- c:\windows\system32\LVUI2RC.dll

2011-04-01 05:10 . 2009-05-09 17:24 543328 ----a-w- c:\windows\system32\LVUI2.dll

2011-04-01 05:09 . 2009-05-09 17:23 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys

2011-04-01 05:08 . 2009-05-09 17:24 301664 ----a-w- c:\windows\system32\lvcodec2.dll

2011-04-01 05:07 . 2011-04-01 10:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll

2011-04-01 05:07 . 2011-04-01 10:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe

2011-04-01 05:06 . 2011-04-01 10:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll

2011-04-01 04:56 . 2009-05-09 17:23 39318 ----a-w- c:\windows\system32\Repository.reg

2011-03-23 04:58 . 2011-03-23 04:58 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll

2011-03-11 14:10 . 2004-08-11 23:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-11 13:06 . 2010-06-01 22:20 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{da879c19-9088-418b-a63a-2e6fb294eaf0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Helper.dll" [2010-11-16 356864]

.

[HKEY_CLASSES_ROOT\clsid\{da879c19-9088-418b-a63a-2e6fb294eaf0}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{26582F40-76E8-4A2A-B30C-26832801B787}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5712A6BB-B6C8-4E52-A152-1BA741C9A6A2}]

2010-11-16 05:11 1532416 ----a-w- c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-11-16 1532416]

.

[HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]

[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]

[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-11-16 1532416]

.

[HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]

[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]

[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-07-30 226576]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"googletalk"="c:\documents and settings\Sylvie\Application Data\Google Talk\googletalk.exe" [2011-06-07 134656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]

"PMX Daemon"="ICO.EXE" [2006-11-08 49152]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 53248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-08 98304]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-20 273544]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

Microsoft Office.lnk - c:\program files\Microsoft Office XP\Office10\OSA.EXE [2001-2-13 83360]

officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2003-4-9 147456]

SELPHY Photo Print Launcher.lnk - c:\program files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe [2009-3-24 135168]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2006-12-30 69632]

VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2009-12-17 6144]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-01-02 23:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2007-09-04 21:40 6856704 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=2 (0x2)

"gupdate1c9d359281aab1a"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Sylvie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Sylvie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\TroubleShooter.exe"=

"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/1/2010 5:20 PM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [5/29/2011 7:49 AM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [5/29/2011 7:49 AM 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [5/29/2011 7:49 AM 233976]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 6:25 PM 65536]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [5/29/2011 7:49 AM 337872]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [3/4/2010 5:40 PM 266240]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 5:11 AM 428640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1c9d359281aab1a;Google Update Service (gupdate1c9d359281aab1a);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2009 6:27 PM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2009 6:27 PM 133104]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [12/30/2006 12:26 PM 18432]

S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [12/30/2006 12:26 PM 14336]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [5/29/2011 7:49 AM 371472]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ sysagent

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-27 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4293127098.job

- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]

.

2011-06-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-29 00:07]

.

2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 23:27]

.

2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 23:27]

.

2011-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886524922-2343721888-3062340848-1005Core.job

- c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-09 17:37]

.

2011-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886524922-2343721888-3062340848-1005UA.job

- c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-09 17:37]

.

2011-06-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-886524922-2343721888-3062340848-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]

.

2011-06-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-886524922-2343721888-3062340848-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 205.171.3.25 205.171.2.25

DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab

DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab

FF - ProfilePath - c:\documents and settings\Sylvie\Application Data\Mozilla\Firefox\Profiles\15ny5g5a.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64505

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Sylvie\Application Data\Move Networks

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

AddRemove-RealPlayer 12.0 - c:\program files\real\realplayer\Update\r1puninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-08 18:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1000)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

- - - - - - - > 'explorer.exe'(3580)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\MICROS~4\MSSQL\binn\sqlservr.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\ICO.EXE

c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\HP\Digital Imaging\bin\hpoevm08.exe

c:\windows\system32\HPZipm12.exe

c:\program files\HP\Digital Imaging\Bin\hpoSTS08.exe

c:\windows\system32\MsiExec.exe

c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

.

**************************************************************************

.

Completion time: 2011-06-08 18:35:37 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-08 23:35

.

Pre-Run: 111,991,820,288 bytes free

Post-Run: 111,470,837,760 bytes free

.

- - End Of File - - B0EE910BACB0A37A1B128B6DE4E20D8D


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da879c19-9088-418b-a63a-2e6fb294eaf0}"=-
[-HKEY_CLASSES_ROOT\clsid\{da879c19-9088-418b-a63a-2e6fb294eaf0}]
[-HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{26582F40-76E8-4A2A-B30C-26832801B787}]
[-HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5712A6BB-B6C8-4E52-A152-1BA741C9A6A2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"=-
[-HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
[-HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
[-HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"=-
[-HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
[-HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
[-HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


My PC is still bringing up the Google folder on reboot, otherwise performing better than before.

Here are the results of ComboFix:

ComboFix 11-06-09.01 - Sylvie 06/09/2011 11:14:13.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.556 [GMT -5:00]

Running from: c:\documents and settings\Sylvie\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Sylvie\Desktop\CFScript.txt

AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))

.

.

2011-06-07 20:33 . 2011-06-07 20:33 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Google Talk

2011-06-07 04:35 . 2011-06-07 04:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-06-07 03:11 . 2011-06-07 03:11 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Windows Search

2011-06-06 03:57 . 2011-06-06 03:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-06-06 03:49 . 2011-06-06 03:49 0 ----a-w- c:\windows\Dbucimonusi.bin

2011-06-02 00:21 . 2011-06-02 00:21 53248 ----a-r- c:\documents and settings\Sylvie\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-06-01 23:46 . 2011-06-01 23:46 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Logitech

2011-06-01 05:41 . 2011-06-01 05:42 -------- d-----w- C:\Sylvie

2011-05-31 19:23 . 2011-05-31 19:23 -------- d-----w- c:\documents and settings\All Users\Microsoft

2011-05-31 19:21 . 2011-05-31 19:21 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-05-31 19:18 . 2011-05-31 19:18 -------- d-----w- c:\documents and settings\Sylvie\Local Settings\Application Data\Microsoft Help

2011-05-31 19:17 . 2011-06-08 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2011-05-30 08:06 . 2011-05-30 08:06 -------- d-----w- c:\windows\system32\winrm

2011-05-30 08:06 . 2011-05-30 08:06 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-05-30 08:05 . 2011-05-30 08:05 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Windows Desktop Search

2011-05-30 08:03 . 2011-05-30 18:20 -------- d-----w- c:\program files\Windows Desktop Search

2011-05-30 08:02 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-05-30 08:02 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-05-30 08:02 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2011-05-30 08:01 . 2011-05-30 08:01 -------- d-----w- c:\program files\Windows Media Connect 2

2011-05-30 07:57 . 2011-05-30 07:59 -------- d-----w- c:\windows\system32\drivers\UMDF

2011-05-30 07:57 . 2011-05-30 07:57 -------- d-----w- c:\windows\system32\LogFiles

2011-05-30 07:30 . 2011-05-30 07:30 -------- d-----w- c:\documents and settings\Sylvie\Local Settings\Application Data\LogiShrd

2011-05-30 07:27 . 2011-05-30 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2011-05-30 07:27 . 2011-05-30 07:27 -------- d-----w- c:\program files\Common Files\LWS

2011-05-30 06:22 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-30 06:22 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-05-30 06:20 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-05-30 06:20 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-05-30 06:20 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-30 06:19 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-05-30 06:18 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-05-30 06:16 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-05-29 12:49 . 2011-04-27 20:37 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-05-29 12:49 . 2011-04-27 20:37 2074576 ----a-w- c:\windows\PCTBDCore.dll

2011-05-29 12:49 . 2011-04-27 20:37 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-05-29 12:49 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-05-29 12:49 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-05-29 12:49 . 2011-03-10 14:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-05-21 11:35 . 2011-05-21 11:35 -------- d-----w- c:\program files\Microsoft Silverlight

2011-05-11 22:55 . 2011-05-18 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-05-11 22:54 . 2011-06-03 07:19 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Skype

2011-05-11 22:53 . 2011-05-11 22:53 -------- d-----w- c:\program files\Common Files\Skype

2011-05-11 22:53 . 2011-05-11 22:54 -------- d-----r- c:\program files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 14:11 . 2010-01-25 06:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2010-01-25 06:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-27 20:36 . 2010-07-19 02:15 767952 ----a-w- c:\windows\BDTSupport.dll

2011-04-20 04:32 . 2003-03-19 00:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-04-20 04:32 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-01 10:08 . 2011-04-01 10:08 195168 ----a-w- c:\windows\system32\lvci13251014.dll

2011-04-01 05:11 . 2009-05-09 17:24 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys

2011-04-01 05:10 . 2009-05-09 17:24 539232 ----a-w- c:\windows\system32\LVUI2RC.dll

2011-04-01 05:10 . 2009-05-09 17:24 543328 ----a-w- c:\windows\system32\LVUI2.dll

2011-04-01 05:09 . 2009-05-09 17:23 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys

2011-04-01 05:08 . 2009-05-09 17:24 301664 ----a-w- c:\windows\system32\lvcodec2.dll

2011-04-01 05:07 . 2011-04-01 10:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll

2011-04-01 05:07 . 2011-04-01 10:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe

2011-04-01 05:06 . 2011-04-01 10:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll

2011-04-01 04:56 . 2009-05-09 17:23 39318 ----a-w- c:\windows\system32\Repository.reg

2011-03-23 04:58 . 2011-03-23 04:58 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-07-30 226576]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"googletalk"="c:\documents and settings\Sylvie\Application Data\Google Talk\googletalk.exe" [2011-06-07 134656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]

"PMX Daemon"="ICO.EXE" [2006-11-08 49152]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 53248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-08 98304]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-20 273544]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

Microsoft Office.lnk - c:\program files\Microsoft Office XP\Office10\OSA.EXE [2001-2-13 83360]

officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2003-4-9 147456]

SELPHY Photo Print Launcher.lnk - c:\program files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe [2009-3-24 135168]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2006-12-30 69632]

VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2009-12-17 6144]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-01-02 23:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2007-09-04 21:40 6856704 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=2 (0x2)

"gupdate1c9d359281aab1a"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Sylvie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Sylvie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\TroubleShooter.exe"=

"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/1/2010 5:20 PM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [5/29/2011 7:49 AM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [5/29/2011 7:49 AM 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [5/29/2011 7:49 AM 233976]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 6:25 PM 65536]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [5/29/2011 7:49 AM 337872]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [3/4/2010 5:40 PM 266240]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 5:11 AM 428640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1c9d359281aab1a;Google Update Service (gupdate1c9d359281aab1a);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2009 6:27 PM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2009 6:27 PM 133104]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [12/30/2006 12:26 PM 18432]

S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [12/30/2006 12:26 PM 14336]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [5/29/2011 7:49 AM 371472]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ sysagent

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-27 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4293127098.job

- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]

.

2011-06-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-29 00:07]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 23:27]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 23:27]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886524922-2343721888-3062340848-1005Core.job

- c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-09 17:37]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886524922-2343721888-3062340848-1005UA.job

- c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-09 17:37]

.

2011-06-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-886524922-2343721888-3062340848-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]

.

2011-06-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-886524922-2343721888-3062340848-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 205.171.3.25 205.171.2.25

DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab

DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab

FF - ProfilePath - c:\documents and settings\Sylvie\Application Data\Mozilla\Firefox\Profiles\15ny5g5a.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64505

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Sylvie\Application Data\Move Networks

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-09 11:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(992)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

- - - - - - - > 'explorer.exe'(2504)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\MICROS~4\MSSQL\binn\sqlservr.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\ICO.EXE

c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\HP\Digital Imaging\bin\hpoevm08.exe

c:\windows\system32\HPZipm12.exe

c:\program files\HP\Digital Imaging\Bin\hpoSTS08.exe

.

**************************************************************************

.

Completion time: 2011-06-09 11:30:51 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-09 16:30

ComboFix2.txt 2011-06-08 23:35

.

Pre-Run: 112,037,621,760 bytes free

Post-Run: 112,063,737,856 bytes free

.

- - End Of File - - 5DC86A1B4CCD0E31070D1E8500DAF0C2


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Folder::
c:\Program Files\AAdvantage eShoppingSM Toolbar


FireFox::
FF - ProfilePath - c:\documents and settings\Sylvie\Application Data\Mozilla\Firefox\Profiles\15ny5g5a.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64505
FF - prefs.js: network.proxy.type - 1
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"=-

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

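The DDS output in the first post carries three settings worth reading before deciding what a CFScript should revert: Firefox's network.proxy.* prefs route every HTTP request through a proxy on 127.0.0.1:64505 (which is how a local hijacker rewrites or redirects pages, and exactly what the CFScript above resets), the Security Center AntiVirusOverride and FirewallOverride values are set so the user is never warned, and the standard-profile firewall is off. The script below is an added example, not from this thread and not part of DDS or ComboFix; it triages lines in that log format and reports those settings. The sample log is constructed from the lines quoted in this thread, and the regexes, the check table and the severity labels are my own assumptions about the log layout, not something DDS or ComboFix defines.

```python
"""Triage a DDS/ComboFix-style log for settings that commonly accompany a browser hijack.

Added example: the regexes, check table and severities are assumptions about the
log layout; the sample log is constructed from lines of the kind shown in this thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium" (labels chosen for this example)
    evidence: str  # the log line that produced the finding
    why: str       # what the setting means for whoever is cleaning the machine


# [HKEY_LOCAL_MACHINE\software\microsoft\security center]
_KEY_HEADER = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "AntiVirusOverride"=dword:00000001   or   "EnableFirewall"= 0 (0x0)
_REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<dword>dword:)?(?P<value>[0-9A-Fa-f]+)')
# FF - prefs.js: network.proxy.http - 127.0.0.1
_FF_PREF = re.compile(r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<value>.+)$")

# (registry key suffix, value name, value that is bad, severity, explanation)
_REG_CHECKS = [
    ("security center", "antivirusoverride", 1, "medium",
     "Security Center is told not to alert when antivirus is off or out of date"),
    ("security center", "firewalloverride", 1, "medium",
     "Security Center is told not to alert when the firewall is off"),
    ("firewallpolicy\\standardprofile", "enablefirewall", 0, "high",
     "Windows Firewall is disabled for the standard profile"),
    ("firewallpolicy\\standardprofile", "disablenotifications", 1, "medium",
     "Firewall block notifications are suppressed"),
]


def _reg_int(match: "re.Match") -> int:
    # The log prints DWORDs two ways: "dword:00000001" (hex) and "= 0 (0x0)" (decimal first).
    base = 16 if match.group("dword") else 10
    return int(match.group("value"), base)


def _firefox_findings(prefs: Dict[str, str], lines: Dict[str, str]) -> List[Finding]:
    out: List[Finding] = []
    host = prefs.get("network.proxy.http", "")
    # proxy.type 1 = manual proxy; a loopback host means a process on this PC sees every page
    if prefs.get("network.proxy.type") == "1" and host.startswith(("127.", "localhost")):
        port = prefs.get("network.proxy.http_port", "?")
        out.append(Finding("high", lines["network.proxy.http"],
                           f"Firefox sends all HTTP traffic through a proxy on this machine ({host}:{port}); "
                           "unless a known filtering product listens there, treat it as a hijack"))
    for pref in ("security.warn_viewing_mixed", "security.warn_submit_insecure"):
        if prefs.get(pref) == "false":
            out.append(Finding("medium", lines[pref],
                               f"{pref} is off in user.js: the browser no longer warns about insecure content"))
    return out


def triage(log: str) -> List[Finding]:
    """Walk the log once, keeping the current registry key so values are judged in context."""
    findings: List[Finding] = []
    current_key = ""
    prefs: Dict[str, str] = {}
    pref_lines: Dict[str, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = _KEY_HEADER.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = _REG_VALUE.match(line)
        if m:
            name, value = m.group("name").lower(), _reg_int(m)
            for key_suffix, value_name, bad, severity, why in _REG_CHECKS:
                if current_key.endswith(key_suffix) and name == value_name and value == bad:
                    findings.append(Finding(severity, line, why))
            continue
        m = _FF_PREF.match(line)
        if m:
            prefs[m.group("pref")] = m.group("value").strip()
            pref_lines[m.group("pref")] = line
    findings.extend(_firefox_findings(prefs, pref_lines))
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample, modelled on the DDS lines posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
FF - ProfilePath - c:\documents and settings\Sylvie\Application Data\Mozilla\Firefox\Profiles\15ny5g5a.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64505
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.evidence}\n    {f.why}")
```

The key-suffix check matters: a value named EnableFirewall only means "firewall off" under the firewall policy key, and the AuthorizedApplications\List sub-key, whose values have no numeric data, is passed over. Run over the constructed sample the script reports two high findings (the loopback proxy and the disabled firewall) and five medium ones, which is the same picture the helper's CFScript responds to for the proxy prefs; the Security Center overrides and the firewall state are left for a follow-up step once the hijacker is gone.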

Thanks - I'm not getting the Google folder at startup, IE isn't redirecting and I'm not losing connectivity. Here are the ComboFix results:

ComboFix 11-06-09.03 - Sylvie 06/09/2011 14:00:57.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.485 [GMT -5:00]

Running from: c:\documents and settings\Sylvie\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Sylvie\Desktop\CFScript.txt

AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\AAdvantage eShoppingSM Toolbar

c:\program files\AAdvantage eShoppingSM Toolbar\aboutTabs.7.js

c:\program files\AAdvantage eShoppingSM Toolbar\aboutTabs.8.js

c:\program files\AAdvantage eShoppingSM Toolbar\audio.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\banner_container.html

c:\program files\AAdvantage eShoppingSM Toolbar\bookmark_off.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\bookmark_on.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\bookmarksplugin.dll

c:\program files\AAdvantage eShoppingSM Toolbar\bubble_permissions.html

c:\program files\AAdvantage eShoppingSM Toolbar\build

c:\program files\AAdvantage eShoppingSM Toolbar\caching_banner.html

c:\program files\AAdvantage eShoppingSM Toolbar\chevron.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\component.xsl

c:\program files\AAdvantage eShoppingSM Toolbar\default.xml

c:\program files\AAdvantage eShoppingSM Toolbar\efolder.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\email.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\email2.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\emailchecker_plugin.dll

c:\program files\AAdvantage eShoppingSM Toolbar\facebook.feature

c:\program files\AAdvantage eShoppingSM Toolbar\fbrss.xsl

c:\program files\AAdvantage eShoppingSM Toolbar\ff.xsl

c:\program files\AAdvantage eShoppingSM Toolbar\folder.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\Helper.dll

c:\program files\AAdvantage eShoppingSM Toolbar\icons.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\iefavelem.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\amazon.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\ebay.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\email.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\email2.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\down.gif

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\hr.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\mark.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\mark_do.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\mark_na.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\navbg.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\refresh.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\refresh_do.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\refresh_na.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\trash.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\trash_do.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\trash_na.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\unmark.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\unmark_do.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\unmark_na.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\msgbox\up.gif

c:\program files\AAdvantage eShoppingSM Toolbar\images\ticker\left.gif

c:\program files\AAdvantage eShoppingSM Toolbar\images\ticker\right.gif

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\0.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\1.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\10.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\11.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\12.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\13.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\14.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\15.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\16.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\17.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\18.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\19.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\2.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\20.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\21.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\22.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\23.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\24.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\25.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\26.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\27.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\28.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\29.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\3.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\30.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\31.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\32.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\33.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\34.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\35.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\36.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\37.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\38.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\39.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\4.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\40.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\41.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\42.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\43.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\44.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\45.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\46.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\47.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\5.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\6.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\7.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\8.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\9.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\hr.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\na.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\0.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\1.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\10.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\11.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\12.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\13.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\14.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\15.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\16.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\17.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\18.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\19.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\2.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\20.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\21.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\22.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\23.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\24.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\25.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\26.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\27.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\28.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\29.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\3.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\30.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\31.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\32.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\33.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\34.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\35.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\36.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\37.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\38.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\39.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\4.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\40.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\41.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\42.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\43.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\44.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\45.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\46.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\47.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\5.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\6.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\7.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\8.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\9.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\na.png

c:\program files\AAdvantage eShoppingSM Toolbar\images\weather\png\Thumbs.db

c:\program files\AAdvantage eShoppingSM Toolbar\images\wikipedia.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\images\yahoo.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\localization.xml

c:\program files\AAdvantage eShoppingSM Toolbar\location.xsl

c:\program files\AAdvantage eShoppingSM Toolbar\magglass.ico

c:\program files\AAdvantage eShoppingSM Toolbar\manage_bookmarks.html

c:\program files\AAdvantage eShoppingSM Toolbar\marquee.html

c:\program files\AAdvantage eShoppingSM Toolbar\marquee_permissions.html

c:\program files\AAdvantage eShoppingSM Toolbar\messaging.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\minus.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\msgbox_bubble.tmpl

c:\program files\AAdvantage eShoppingSM Toolbar\msgbox_openmsg.tmpl

c:\program files\AAdvantage eShoppingSM Toolbar\msgboxplugin.dll

c:\program files\AAdvantage eShoppingSM Toolbar\offline.html

c:\program files\AAdvantage eShoppingSM Toolbar\patch.bat

c:\program files\AAdvantage eShoppingSM Toolbar\plus.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\podcast.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\podcast.xsl

c:\program files\AAdvantage eShoppingSM Toolbar\radio.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\RadioPlugin.dll

c:\program files\AAdvantage eShoppingSM Toolbar\resize.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\rssfeed.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\RSSReader_plugin.dll

c:\program files\AAdvantage eShoppingSM Toolbar\search.xsl

c:\program files\AAdvantage eShoppingSM Toolbar\SearchComponent.dll

c:\program files\AAdvantage eShoppingSM Toolbar\settings

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_dropdwn_down.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_dropdwn_over.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_dropdwn_up.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_max_down.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_max_over.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_max_up.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_min_down.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_min_over.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_min_up.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_pause_down.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_pause_over.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_pause_up.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_play_down.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_play_over.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_play_up.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_playcntrl_over.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_playcntrl_up.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_stop_down.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_stop_over.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_stop_up.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_volcntrl_over.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\btn_volcntrl_up.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\Equalizer1.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\Equalizer2.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\Equalizer3.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\Equalizer4.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\Equalizer5.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\Equalizer6.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\playcntrl_bg.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\radio.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\radio_mask.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\radio_minimalized.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\radio_minimalized_mask.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\station.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\vol_01.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\vol_02.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\vol_03.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\volslide_bg.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\skins\radio\gray03\volslide_track.bmp

c:\program files\AAdvantage eShoppingSM Toolbar\star_on.gif

c:\program files\AAdvantage eShoppingSM Toolbar\ticker.html

c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll

c:\program files\AAdvantage eShoppingSM Toolbar\ToolbarUpdate.exe

c:\program files\AAdvantage eShoppingSM Toolbar\TroubleShooter.exe

c:\program files\AAdvantage eShoppingSM Toolbar\Uninst.exe

c:\program files\AAdvantage eShoppingSM Toolbar\update_progress.html

c:\program files\AAdvantage eShoppingSM Toolbar\version.txt

c:\program files\AAdvantage eShoppingSM Toolbar\version.xsl

c:\program files\AAdvantage eShoppingSM Toolbar\weather_bubble.tmpl

c:\program files\AAdvantage eShoppingSM Toolbar\weatherplugin.dll

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\install.rdf

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\install.rdf

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))

.

.

2011-06-07 20:33 . 2011-06-07 20:33 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Google Talk

2011-06-07 04:35 . 2011-06-07 04:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-06-07 03:11 . 2011-06-07 03:11 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Windows Search

2011-06-06 03:57 . 2011-06-06 03:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-06-06 03:49 . 2011-06-06 03:49 0 ----a-w- c:\windows\Dbucimonusi.bin

2011-06-02 00:21 . 2011-06-02 00:21 53248 ----a-r- c:\documents and settings\Sylvie\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-06-01 23:46 . 2011-06-01 23:46 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Logitech

2011-06-01 05:41 . 2011-06-01 05:42 -------- d-----w- C:\Sylvie

2011-05-31 19:23 . 2011-05-31 19:23 -------- d-----w- c:\documents and settings\All Users\Microsoft

2011-05-31 19:21 . 2011-05-31 19:21 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-05-31 19:18 . 2011-05-31 19:18 -------- d-----w- c:\documents and settings\Sylvie\Local Settings\Application Data\Microsoft Help

2011-05-31 19:17 . 2011-06-08 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2011-05-30 08:06 . 2011-05-30 08:06 -------- d-----w- c:\windows\system32\winrm

2011-05-30 08:06 . 2011-05-30 08:06 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-05-30 08:05 . 2011-05-30 08:05 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Windows Desktop Search

2011-05-30 08:03 . 2011-05-30 18:20 -------- d-----w- c:\program files\Windows Desktop Search

2011-05-30 08:02 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-05-30 08:02 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-05-30 08:02 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2011-05-30 08:01 . 2011-05-30 08:01 -------- d-----w- c:\program files\Windows Media Connect 2

2011-05-30 07:57 . 2011-05-30 07:59 -------- d-----w- c:\windows\system32\drivers\UMDF

2011-05-30 07:57 . 2011-05-30 07:57 -------- d-----w- c:\windows\system32\LogFiles

2011-05-30 07:30 . 2011-05-30 07:30 -------- d-----w- c:\documents and settings\Sylvie\Local Settings\Application Data\LogiShrd

2011-05-30 07:27 . 2011-05-30 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2011-05-30 07:27 . 2011-05-30 07:27 -------- d-----w- c:\program files\Common Files\LWS

2011-05-30 06:22 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-30 06:22 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-05-30 06:20 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-05-30 06:20 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-05-30 06:20 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-30 06:19 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-05-30 06:18 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-05-30 06:16 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-05-29 12:49 . 2011-04-27 20:37 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-05-29 12:49 . 2011-04-27 20:37 2074576 ----a-w- c:\windows\PCTBDCore.dll

2011-05-29 12:49 . 2011-04-27 20:37 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-05-29 12:49 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-05-29 12:49 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-05-29 12:49 . 2011-03-10 14:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-05-21 11:35 . 2011-05-21 11:35 -------- d-----w- c:\program files\Microsoft Silverlight

2011-05-11 22:55 . 2011-05-18 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-05-11 22:54 . 2011-06-03 07:19 -------- d-----w- c:\documents and settings\Sylvie\Application Data\Skype

2011-05-11 22:53 . 2011-05-11 22:53 -------- d-----w- c:\program files\Common Files\Skype

2011-05-11 22:53 . 2011-05-11 22:54 -------- d-----r- c:\program files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 14:11 . 2010-01-25 06:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2010-01-25 06:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-27 20:36 . 2010-07-19 02:15 767952 ----a-w- c:\windows\BDTSupport.dll

2011-04-20 04:32 . 2003-03-19 00:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-04-20 04:32 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-01 10:08 . 2011-04-01 10:08 195168 ----a-w- c:\windows\system32\lvci13251014.dll

2011-04-01 05:11 . 2009-05-09 17:24 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys

2011-04-01 05:10 . 2009-05-09 17:24 539232 ----a-w- c:\windows\system32\LVUI2RC.dll

2011-04-01 05:10 . 2009-05-09 17:24 543328 ----a-w- c:\windows\system32\LVUI2.dll

2011-04-01 05:09 . 2009-05-09 17:23 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys

2011-04-01 05:08 . 2009-05-09 17:24 301664 ----a-w- c:\windows\system32\lvcodec2.dll

2011-04-01 05:07 . 2011-04-01 10:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll

2011-04-01 05:07 . 2011-04-01 10:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe

2011-04-01 05:06 . 2011-04-01 10:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll

2011-04-01 04:56 . 2009-05-09 17:23 39318 ----a-w- c:\windows\system32\Repository.reg

2011-03-23 04:58 . 2011-03-23 04:58 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-07-30 226576]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]

"PMX Daemon"="ICO.EXE" [2006-11-08 49152]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 53248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-08 98304]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-20 273544]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

Microsoft Office.lnk - c:\program files\Microsoft Office XP\Office10\OSA.EXE [2001-2-13 83360]

officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2003-4-9 147456]

SELPHY Photo Print Launcher.lnk - c:\program files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe [2009-3-24 135168]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2006-12-30 69632]

VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2009-12-17 6144]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-01-02 23:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2007-09-04 21:40 6856704 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=2 (0x2)

"gupdate1c9d359281aab1a"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Sylvie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Sylvie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/1/2010 5:20 PM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [5/29/2011 7:49 AM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [5/29/2011 7:49 AM 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [5/29/2011 7:49 AM 233976]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 6:25 PM 65536]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [5/29/2011 7:49 AM 337872]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [3/4/2010 5:40 PM 266240]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 5:11 AM 428640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1c9d359281aab1a;Google Update Service (gupdate1c9d359281aab1a);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2009 6:27 PM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2009 6:27 PM 133104]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [12/30/2006 12:26 PM 18432]

S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [12/30/2006 12:26 PM 14336]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [5/29/2011 7:49 AM 371472]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ sysagent

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-27 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4293127098.job

- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]

.

2011-06-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-29 00:07]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 23:27]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 23:27]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886524922-2343721888-3062340848-1005Core.job

- c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-09 17:37]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886524922-2343721888-3062340848-1005UA.job

- c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-09 17:37]

.

2011-06-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-886524922-2343721888-3062340848-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]

.

2011-06-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-886524922-2343721888-3062340848-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 205.171.3.25 205.171.2.25

DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab

DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab

FF - ProfilePath - c:\documents and settings\Sylvie\Application Data\Mozilla\Firefox\Profiles\15ny5g5a.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Sylvie\Application Data\Move Networks

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-AAdvantage eShoppingSM Toolbar - c:\program files\AAdvantage eShoppingSM Toolbar\Uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-09 14:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1000)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

- - - - - - - > 'explorer.exe'(2376)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\MICROS~4\MSSQL\binn\sqlservr.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\ICO.EXE

c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\HP\Digital Imaging\bin\hpoevm08.exe

c:\windows\system32\HPZipm12.exe

c:\program files\HP\Digital Imaging\Bin\hpoSTS08.exe

.

**************************************************************************

.

Completion time: 2011-06-09 14:18:08 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-09 19:18

ComboFix2.txt 2011-06-09 16:30

ComboFix3.txt 2011-06-08 23:35

.

Pre-Run: 112,058,585,088 bytes free

Post-Run: 112,151,740,416 bytes free

.

- - End Of File - - 56BE1A7939BF3F9AE50FA6A250A8C486


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START > Run
  • Now type ComboFix /Uninstall in the Run box and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START > Search
  • Now type ComboFix /Uninstall in the search box and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

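The Internet Explorer hardening steps in the post above are a manual walk through the Custom Level dialog. As an added example (not from the thread or from any of the tools it mentions), the PowerShell script below audits the same six settings for the current user and reports which ones differ from the recommended values, so the result can be checked without clicking through the dialog. It reads the per-user Internet zone key (zone 3); the numeric action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the value meanings (0 = Enable, 1 = Prompt, 3 = Disable) are taken from Microsoft's documentation of Internet Explorer URL actions, and the recommended values are those the post gives. The script only reads the registry; it changes nothing.

```powershell
# Added audit script (not part of the original thread): compare the current user's
# Internet zone (zone 3) settings with the values recommended in the post and
# report any that differ. Action IDs are Internet Explorer's documented URL-action
# identifiers; the stored DWORD means 0 = Enable, 1 = Prompt, 3 = Disable.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# One entry per step in the post: action ID, the label IE shows, and the wanted value.
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-ZoneActionValue {
    param([string]$Id)
    # Returns the DWORD stored for one action, or $null when the value is absent
    # (IE then applies the zone's built-in default for that action).
    $props = Get-ItemProperty -Path $zonePath -Name $Id -ErrorAction SilentlyContinue
    if ($props -eq $null) { return $null }
    return [int]$props.$Id
}

function Describe-Value {
    param($Value)
    # Human-readable form of a stored value, including the two cases the
    # dialog never shows: no value at all, and a value outside 0/1/3.
    if ($Value -eq $null) { return 'not set' }
    if ($labels.ContainsKey([int]$Value)) { return $labels[[int]$Value] }
    return "unknown ($Value)"
}

if (-not (Test-Path $zonePath)) {
    Write-Error "Zone key not found: $zonePath"
    exit 1
}

$report = foreach ($s in $recommended) {
    $current = Get-ZoneActionValue -Id $s.Id
    New-Object PSObject -Property @{
        Id          = $s.Id
        Action      = $s.Name
        Current     = Describe-Value $current
        Recommended = $labels[$s.Want]
        Compliant   = ($current -ne $null -and [int]$current -eq $s.Want)
    }
}

# Non-compliant rows sort first so they are the first thing on screen.
$report | Sort-Object Compliant | Format-Table Id, Action, Current, Recommended, Compliant -AutoSize

$bad = @($report | Where-Object { -not $_.Compliant })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} of {1} settings differ from the recommended values." -f $bad.Count, $report.Count)
    exit 2
}
Write-Host 'All listed Internet zone settings match the recommendations.'
```

Run it from a PowerShell prompt as the user whose browser is being checked; the exit code is 0 when everything matches, 2 when something differs, so it can be re-run after the dialog steps to confirm they took effect. One caveat: if the Security_HKLM_only policy is in force on the machine, Internet Explorer takes the zone settings from HKLM instead of the per-user key, and the HKLM copy of the same path is the one to audit.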

Thanks for your extensive and thorough help!!!!!!!!!!!! I'm so glad to have my PC back in working order.

Can you provide any specific suggestions for Antivirus software and firewall? I must be doing something wrong and would really like to set up a stronger defense.

Also, as I mentioned in a previous post, the other PC on my home network started redirecting in IE while we were working on this one. Should I start a new post?

Thank you thank you thank you - I'm so appreciative of your expertise and the effort you put into this.


Start a new topic for the other one and let me know when you start the topic.

Run a MBAM scan and post the results in the new topic.

Only run one Anti-Virus at a time so if you change, uninstall what you have now.

I use MSE myself but that doesn't mean it's better, I just like it better.

If you don't have MBAM Pro, I highly suggest you purchase it so it's an active malware/spyware protector.

As for a Firewall, I use the built-in Microsoft one.

Regardless of the protection you have, you still need to be VERY careful of downloads, social networks and emails.

Use an AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.
